CVE-2016-9717

MEDIUM

IBM InfoSphere Master Data Management 10.1-11.6 - HTTP Parameter Override via Duplicated Parameters

Title source: llm
STIX 2.1

Description

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100074
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006605
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/119730

Scores

CVSS v3 6.5
EPSS 0.0112
EPSS Percentile 62.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (14)
IBM/InfoSphere Master Data Management 10.1
IBM/InfoSphere Master Data Management 10.1.0
IBM/InfoSphere Master Data Management 11.0
IBM/InfoSphere Master Data Management 11.0.0
IBM/InfoSphere Master Data Management 11.3
IBM/InfoSphere Master Data Management 11.4
IBM/InfoSphere Master Data Management 11.5
IBM/InfoSphere Master Data Management 11.6
ibm/infosphere_master_data_management_server 10.1
ibm/infosphere_master_data_management_server 11.0
... and 4 more
Published Jul 31, 2017
Tracked Since Feb 18, 2026